Marriott sued for data breach

CHARLESTON — A lawsuit has been filed against Marriott International for allegedly failing to secure and safeguard customers' personal information in Maryland federal court.

The plaintiffs in the lawsuit are former West Virginia House of Delegates member Ron Walters and Kenneth Tew.

The lawsuit names Marriott International and its parent company Starwood Hotels & Resorts Worldwide as defendants.

"Marriott should have known to invest in readily available, state-of-the-art data security systems, given the highly sensitive information it has acquired from a world-wide clientele, especially given the number of recent breaches in similar industries," Charles R. "Rusty" Webb said in an interview with The West Virginia Record. "It should have been far more diligent and transparent in its duty to its clients."

Webb
Photo courtesy of Charles R. "Rusty" Webb

Beginning in 2014, hackers exploited vulnerabilities in Starwood's network by accessing the guest reservation system and stole data, according to the suit.

The plaintiffs claim in November, Marriott acknowledged an investigation had determined that unauthorized access had occurred to the guest reservation database.

Marriott could have prevented the data breach by adopting technology that would help make databases for secure, but it did not, according to the suit.

The plaintiffs claim Marriott disregarded the plaintiffs and the class members' rights by intentionally, willfully, recklessly and negligently failing to take adequate and reasonable measures to ensure its data systems were protected.

The plaintiffs' and class members' private information was improperly handled and stored, was unencrypted and was not kept in accordance with applicable required and appropriate cyber-security protocols, policies and procedures, according to the suit.

The plaintiffs claim, as a result, their personal information was compromised and stolen.